Information about several hacks of large companies that led to a leak of confidential data:
- December 27 attackers got access to the repositories of Slack, located on Githubu , and were able to load the contents of private repositories. The reason was the theft of tokens of several Slack employees. It is noted that the user data and the primary code base of the Slack application were not affected.
- As a result of compromising the infrastructure of the Circleci continuous integration service from December 24 to January 4, the attacking gained access With all customer data, including OAUTH-TOCEN, access keys to the API, alternating environment, SSH-clips of projects and Runner tokens. According to CircleCi, the service uses more than a million developers and 30 thousand companies. Information on how exactly attackers were able to access the infrastructure is not disclosed.
- RACKSPACE attacked using previously unknown (0-day) vulnerabilities in Microsoft Exchange ( CVE-2022-41080). During the incident, access to postal correspondence, calendar-planners, tasks, address book and other data in PST-FILLE (Personal Storage Table) of 27 RACKSPACE customers who used the email service based on the Microsoft Exchange customers were recorded. Access to customer information was blocked by attacking with the intention of obtaining a ransom (Ransomware), but Rackspace restored the contents from backups. After the incident, it was decided to turn the Hosted Exchange service and transfer customers (about 30 thousand users) to the new Microsoft 365 platform.
- Openly, published Archive
/Media reports cited above.